CentOS PAM is unable to open /etc/pam.d/system-auth

1

In gdm, I checked the option "Require smart card login", but forgot to add any smart card for authentication. So I tried to boot from a LiveCD and disable SC auth. Something went wrong, and now I can't log in as any user on the system ("Login incorrect" for any user, without being prompted for a password). From /var/log/secure:

May 18 14:50:07 myloginname sshd[5180]: Server listening on 0.0.0.0 port 22.
May 17 14:50:07 myloginname sshd[5180]: Server listening on :: port 22.
May 17 14:50:28 myloginname polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:32 myloginname pam: gdm-password: gkr-pam: no password is available for user
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:36 myloginname pam: gdm-password: gkr-pam: no password is available for user
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:42 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:44 myloginname login: FAILED LOGIN SESSION FROM (null) FOR rppt, Permission denied
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:47 myloginname login: FAILED LOGIN SESSION FROM (null) FOR root, Permission denied
May 17 14:50:49 myloginname polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.26, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
May 17 14:50:51 myloginname sshd[5180]: Received signal 15; terminating.

BTW, the /etc/pam.d/* files are OK, and so are the permissions. Please help me. Thanks!

UPDATE

root@kali:/media/blabla/etc/pam.d# ls -lh
total 208K
-rw-r--r--. 1 root root  272 Jan 30  2012 atd
-rw-r--r--. 1 root root   97 Feb 22  2013 authconfig
-rw-r--r--. 1 root root   97 Feb 22  2013 authconfig-gtk
-rw-r--r--. 1 root root   97 Feb 22  2013 authconfig-tui
-rw-r--r--. 1 root root  192 Nov 21 18:00 chfn
-rw-r--r--. 1 root root  192 Nov 21 18:00 chsh
-rw-r--r--. 1 root root  232 Nov 21 21:45 config-util
-rw-r--r--. 1 root root  293 Nov 21 16:19 crond
-rw-r--r--. 1 root root   71 Nov 21 16:18 cvs
-rw-r--r--. 1 root root  115 Nov 23  2010 eject
-rw-r--r--. 1 root root   71 Oct 28  2012 exim
-rw-r--r--. 1 root root  708 Nov 21 22:05 gdm
-rw-r--r--. 1 root root  480 Nov 21 22:05 gdm-autologin
-rw-r--r--. 1 root root  489 Nov 21 22:05 gdm-fingerprint
-rw-r--r--. 1 root root  701 Nov 21 22:05 gdm-password
-rw-r--r--. 1 root root  485 Nov 21 20:08 gnome-screensaver
-rw-r--r--. 1 root root  147 Oct  5  2009 halt
-rw-r--r--. 1 root root  134 Jul  8  2008 kcheckpass
-rw-r--r--. 1 root root  134 Jul  8  2008 kscreensaver
-rw-r--r--. 1 root root   70 Aug 28  2013 ksu
-rw-r--r--. 1 root root  728 Nov 21 18:00 login
-rw-r--r--. 1 root root  172 Nov 21 18:35 newrole
-rw-r--r--. 1 root root  336 May 26  2011 opcontrol
-rw-r--r--. 1 root root  154 Nov 21 21:45 other
-rw-r--r--. 1 root root  146 Feb 22  2012 passwd
lrwxrwxrwx. 1 root root   16 May 29  2013 password-auth -> password-auth-ac
-rw-r--r--  1 root root  935 May 17 10:42 password-auth-ac
-rw-r--r--. 1 root root  155 Sep 19  2013 polkit-1
-rw-r--r--. 1 root root  147 Oct  5  2009 poweroff
-rw-r--r--. 1 root root  144 Nov 24  2010 ppp
-rw-r--r--. 1 root root  147 Oct  5  2009 reboot
-rw-r--r--. 1 root root  613 Nov 21 18:00 remote
-rw-r--r--. 1 root root  167 Nov 21 18:35 run_init
-rw-r--r--. 1 root root  143 Oct 17  2013 runuser
-rw-r--r--. 1 root root  105 Oct 17  2013 runuser-l
-rw-r--r--. 1 root root  145 Jun  3  2013 setup
-rw-r--r--. 1 root root  575 Nov 25 16:50 sshd
-rw-r--r--. 1 root root  341 Nov 25 16:50 ssh-keycat
-rw-r--r--. 1 root root  487 Oct 17  2013 su
-rw-r--r--. 1 root root  202 Nov 21 18:03 sudo
-rw-r--r--. 1 root root  187 Nov 21 18:03 sudo-i
-rw-r--r--. 1 root root  137 Oct 17  2013 su-l
lrwxrwxrwx. 1 root root   14 May 29  2013 system-auth -> system-auth-ac
-rw-r--r--  1 root root 1.1K May 16 23:01 system-auth~
-rw-r--r--  1 root root 1.1K May 17 08:44 system-auth-ac
-rw-r--r--. 1 root root   97 Feb 22  2013 system-config-authentication
-rw-r--r--. 1 root root   97 Jul 22  2013 system-config-date
-rw-r--r--. 1 root root   97 Feb 21  2013 system-config-kdump
-rw-r--r--. 1 root root   97 Jun 12  2013 system-config-keyboard
-rw-r--r--. 1 root root   97 Nov 24  2010 system-config-network
-rw-r--r--. 1 root root   97 Nov 24  2010 system-config-network-cmd
-rw-r--r--. 1 root root  118 Oct 18  2012 system-config-users
-rw-r--r--. 1 root root  233 Mar 31 19:00 wireshark
-rw-r--r--. 1 root root  163 Dec 23 21:36 xserver



root@kali:/media/blabla/etc/pam.d# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so

auth        [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid

#auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so



root@kali:/media/blabla/etc/pam.d# cat password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
#auth        required      pam_deny.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
    
by twim 17.05.2014 / 14:18

1 answer

2

Yes, got it! The guys were right. The SELinux context was broken for the configuration files.

Just run

restorecon -Rv /etc/pam.d 

in single-user mode (single init=/bin/bash in GRUB). Then reboot and wait until the filesystem is automatically activated by SELinux.

That's it!

UPDATE: for those who want to disable SC auth: go to /etc/sysconfig/authconfig and set FORCESMARTCARD and USESMARTCARD to no. Do not try to delete any files in /etc/pam.d! ;)

    
by 18.05.2014 / 09:55
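
Added example, not part of the original question or answer: the `ls -lh` listing in the question already shows the fault, because GNU ls appends "." to the mode bits of a file that carries an SELinux security context, and the files edited from the LiveCD lack it. The script below correlates the "unable to open" lines from /var/log/secure with that listing; the sample input is a subset copied from the question, and the function names are made up for this example.

```shell
#!/bin/bash
# Sample input: a subset of the listing and log lines shown in the question.
LISTING='-rw-r--r--. 1 root root  728 Nov 21 18:00 login
lrwxrwxrwx. 1 root root   16 May 29  2013 password-auth -> password-auth-ac
-rw-r--r--  1 root root  935 May 17 10:42 password-auth-ac
-rw-r--r--. 1 root root  575 Nov 25 16:50 sshd
lrwxrwxrwx. 1 root root   14 May 29  2013 system-auth -> system-auth-ac
-rw-r--r--  1 root root 1.1K May 17 08:44 system-auth-ac'

SECURE_LOG='May 17 14:50:32 myloginname pam: gdm-password: PAM _pam_load_conf_file: unable to open /etc/pam.d/password-auth
May 17 14:50:41 myloginname login: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
May 17 14:50:41 myloginname login: FAILED LOGIN SESSION FROM (null) FOR r, Permission denied'

# Print the names in an `ls -l` listing whose mode field is only 10 characters,
# i.e. lacks the trailing "." (SELinux context) or "+" (ACL) marker.
unlabeled_files() {
    printf '%s\n' "$1" | awk 'length($1) == 10 && $1 ~ /^[-dl]/ { print $9 }'
}

# For each distinct file PAM failed to open ($1 = log text), follow its symlink
# in the listing ($2) and report whether the real file has no SELinux context.
explain_pam_failures() {
    unlabeled=$(unlabeled_files "$2")
    printf '%s\n' "$1" |
      sed -n 's/.*_pam_load_conf_file: unable to open \(.*\)$/\1/p' | sort -u |
      while read -r path; do
        name=${path##*/}
        # Symlink lines look like: name -> target
        target=$(printf '%s\n' "$2" |
                 awk -v n="$name" '$9 == n && $10 == "->" { print $11 }')
        real=${target:-$name}
        if printf '%s\n' "$unlabeled" | grep -qxF -- "$real"; then
            echo "$path -> $real: no SELinux context"
        else
            echo "$path -> $real: labeled"
        fi
      done
}

explain_pam_failures "$SECURE_LOG" "$LISTING"
```

On a running system, `ls -Z /etc/pam.d` shows the contexts directly, and `restorecon -Rnv /etc/pam.d` lists what would be relabeled without changing anything.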